Provided by: erlang-manpages_13.b-1_all bug

NAME

       ssl - The SSL Application

DESCRIPTION

       The  Secure  Socket  Layer  (SSL)  application  provides  secure socket
       communication over TCP/IP.

WARNING

       In previous versions of Erlang/OTP SSL  it  was  advised,  as  a  work-
       around,  to set the operating system environment variable SSL_CERT_FILE
       to point at a file containing CA  certificates.  That  variable  is  no
       longer needed, and is not recognised by Erlang/OTP SSL any more.

       However,  the OpenSSL package does interpret that environment variable.
       Hence a setting of that variable might have  unpredictable  effects  on
       the  Erlang/OTP  SSL  application.  It is therefore adviced to not used
       that environment variable at all.

ENVIRONMENT

       The following  application  environment  configuration  parameters  are
       defined  for  the  SSL application. Refer to application(3erl) for more
       information about configuration parameters.

       Note that the environment parameters can be set on  the  command  line,
       for instance,

       erl ... -ssl protocol_version [sslv2, sslv3] ....

         ephemeral_rsa = true | false <optional>:
             Enables  all  SSL  servers  (those that listen and accept) to use
             ephemeral RSA key generation when a  clients  connect  with  weak
             handshake  cipher  specifications, that need equally weak ciphers
             from the server (i.e. obsolete restrictions on  export  ciphers).
             Default is false.

         debug = true | false <optional>:
             Causes  debug  information  to  be  written  to  standard output.
             Default is false.

         debugdir = path() | false <optional>:
             Causes debug information output controlled by debug and  msgdebug
             to  be  printed  to  a  file  named  ssl_esock.<pid>.log  in  the
             directory specified by debugdir, where  <pid>  is  the  operating
             system specific textual representation of the process indentifier
             of the external port program of the SSL application.  Default  is
             false, i.e. no log file is produced.

         msgdebug = true | false <optional>:
             Sets  debug  =  true  and  causes  also the contents of low level
             messages to be printed to standard output. Default is false.

         port_program = string() | false <optional>:
             Name of port program. The default is ssl_esock.

         protocol_version = [sslv2|sslv3|tlsv1] <optional>.:
             Name of protocols  to  use.  If  this  option  is  not  set,  all
             protocols  are  assumed, i.e. the default value is [sslv2, sslv3,
             tlsv1].

         proxylsport = integer() | false <optional>:
             Define the port number  of  the  listen  port  of  the  SSL  port
             program. Almost never is this option needed.

         proxylsbacklog = integer() | false <optional>:
             Set  the  listen  queue  size  of the listen port of the SSL port
             program. The default is 128.

OPENSSL LIBRARIES

       The current implementation of the Erlang SSL application  is  based  on
       the  OpenSSL  package  version  0.9.7  or  higher. There are source and
       binary releases on the web.

       Source  releases  of  OpenSSL  can  be  downloaded  from  the   OpenSSL
       <http://www.openssl.org>  project  home  page,  or  mirror sites listed
       there.

       The same  URL  also  contains  links  to  some  compiled  binaries  and
       libraries  of  OpenSSL  (see  the  Related/Binaries  menu) of which the
       Shining      Light      Productions       Win32       and       OpenSSL
       <http://www.shininglightpro.com/search.php?searchname=Win32+OpenSSL>
       pages are of interest for the Win32 user.

       For some Unix flavours there are binary packages available on the  net.

       If you cannot find a suitable binary OpenSSL package, you have to fetch
       an OpenSSL source release and compile it.

       You then have to compile and install  the  libraries  libcrypto.so  and
       libssl.so  (Unix),  or  the  libraries  libeay32.dll  and  ssleay32.dll
       (Win32).

       For Unix The ssl_esock port program  is  delivered  linked  to  OpenSSL
       libraries  in /usr/local/lib, but the default dynamic linking will also
       accept libraries in /lib and /usr/lib.

       If that is not applicable to the particular Unix operating system used,
       the example Makefile in the SSL priv/obj directory, should be used as a
       guide to relinking the final version of the port program.

       For Win32 it is only required that the libraries can be found from  the
       PATH  environment  variable,  or  that  they  reside in the appropriate
       SYSTEM32 directory; hence no particular relinking  is  need.  Hence  no
       example Makefile for Win32 is provided.

RESTRICTIONS

       Users must be aware of export restrictions and patent rights concerning
       cryptographic software.

SEE ALSO

       application(3erl)